Announcements

Remote Control for all devices running Android 7+ is here!

(Incl. Google Pixel series, Xiaomi smartphones, Oppo devices, and many more)


Learn more

Highlighted
Posted by
Henagon

TeamViewer pushing Malware certificate from ONRENTS4U.COM??

Everytime I start teamviewer this is the popup I am getting after trying to close a session. I have been seeing this for about a month now but just closed it being in a hurry. Can someone tell me why I am getting a certificate push from teamviewer for ONRENTS4U.COM?

I also didn't know where to post this so endpoint sounded like a safe bet.

TEAMVIEWER_CERTIFICATE.png

 

5 Replies
5 Replies
Highlighted
Posted by Remote Management Staff
Remote Management Staff

Re: TeamViewer pushing Malware certificate from ONRENTS4U.COM??

Hi @dgun469 

I am not sure why this situation is occurring. What actions are you trying to take when this is appearing besides the Closing of a session? Do you have the browser open while this is happening?

Please get in touch with our Support to investigate this issue more. We never got this situation before. I will ask for this case to be moved to the TeamViewer community as this is the community for Remote management Services. 

Product Owner, Remote Management services.
Highlighted
Posted by
Henagon

Re: TeamViewer pushing Malware certificate from ONRENTS4U.COM??

Browser was already open however I was on the NASA website which wasn't the same website I was on the last time this popped up. The browser hasn't always been opened during my sessions with TeamViewer. This certificate push did NOT prompt me to open a website. I input the website myself and opened it to see where it was leading to.

TeamViewer was NOT running on this client when I clicked to open TeamViewer. I then connected to another computer on this network to view footage on security cameras. After closing the session this security alert immediately popped up asking me to proceed with installing the certificate. That is exactly how it happens every single time except I had my browser open this time. Thank you for your response @Stanislav 

Update: Unfortunatly using the free version is not allowing me to open a ticket with support @Stanislav. Perhaps you could send this to support for a closer look? It isn't really a bother to me however if it is in fact malware and other users are installing this certificate it could be very dangerous and eventually infect millions. It may be on TeamViewer servers, who knows??? I'm just trying to help.

Highlighted
Posted by Senior Moderator Senior Moderator
Senior Moderator

Re: TeamViewer pushing Malware certificate from ONRENTS4U.COM??

Hello @dgun469 

Thank you for the clarification. 

We have forwarded this internally, to see if there is any clarification.

We will update here once we have anything else.

Thanks in advance for your patience 🙏

Josh P.
Senior Moderator

If my reply answered your question, help out other users and click the Accept as a Solution  button below.

You can also say thanks by clicking on the Thumbs Up button!

Thanks for being an active member of our Community!

Japanese Community (日本語コミュニティ) |  Chinese Community (中文社区) |  German Community (Deutschsprachig) | French Community (Communauté française) | English Community | Spanish Community (Comunidad española)

Highlighted
Posted by
Photon

Re: TeamViewer pushing Malware certificate from ONRENTS4U.COM??

most likely you have a problem with you version of internet explorer. sometimes after closing a connection, teamviewer is droping an ad or some info using your local installed version of internet explorer. in this case it could be you have an issue/malware/adware etc. installed on that. It happened to me also with some scripting errors I got, due to some strange plugins I had used in internet explorer.

Highlighted
Posted by
Henagon

Re: TeamViewer pushing Malware certificate from ONRENTS4U.COM??

@Nefer First I do not use Internet Explorer and do not know anyone who has in at least a decade. Second Internet Explorer has been disabled in program features and blocked in every registry entry I could find. No form of IE nor Edge exists on this network outside of the program being part of Windows 10 itself. I also stated that a browser was not always open just like today when I got the same popup.

I managed to grab these DNS names from the certificate. Not sure if it is helpful or not but here is the list I grabbed.

DNS Name=cpanel.mythememarket.com
DNS Name=cpanel.onrents4u.com
DNS Name=mail.mythememarket.com
DNS Name=mail.mythememarket.com.md-in-44.webhostbox.net
DNS Name=mail.onrents4u.com
DNS Name=mythememarket.com
DNS Name=mythememarket.com.md-in-44.webhostbox.net
DNS Name=onrents4u.com
DNS Name=onrents4u.mythememarket.com
DNS Name=webdisk.mythememarket.com
DNS Name=webdisk.onrents4u.com
DNS Name=webmail.mythememarket.com
DNS Name=webmail.onrents4u.com
DNS Name=www.mythememarket.com
DNS Name=www.mythememarket.com.md-in-44.webhostbox.net
DNS Name=www.onrents4u.com
DNS Name=www.onrents4u.mythememarket.com